Static Analysis



Top Stories

Most organizations that use Linux as a business operating system are developing their own applications for Linux - perhaps in response to the current scarcity of packaged applications available on Linux. With so much internal development for Linux, it is critical that the IT groups building your Linux-based applications have a means to efficiently produce reliable code. If they don't, you will jeopardize the very reliability and cost-effectiveness that most organizations are trying to achieve by turning to Linux. However, most development teams follow a development process that is far from efficient, and the applications they provide typically experience functionality problems and security weaknesses that require patches, updates, and redeployments. In fact, most IT organizations waste a great deal of their time, effort, and resources fixing what is essentially the... (more)

Intellyx Announces Agile Architecture Webinar Series with EITAGlobal

Topics Range from APIs to Digital Transformation

GLENS FALLS NY AND FREMONT CA, July 24, 2014 – Intellyx and EITAGlobal today announced that they are jointly producing a four-Webinar series featuring industry expert and thought leader Jason Bloomberg. The topics include Agile Architecture, Dynamic APIs and Schemas, Digital Transformation, and Enterprise Architecture. For more information or to register, please follow the links below.

Agile Architecture Challenges & Best Practices, August 19, 10:00 PDT/1:00 EDT
Dynamic APIs and Dynamic Schemas: The Secrets of Building Inherently Flexible Software, September 23, 10:00 PDT/1:00 EDT
Digital Transformation: Cutting through the Hype for True Business Value, October 9, 10:00 PDT/1:00 EDT
Why Enterprise Architecture is Completely Broken and How to Fix It, October 28, 2014 10:00 PDT/1:00 EDT

Full Descriptions of Each Webinar

Agile Arc... (more)

Market Analysis of the Web Design Industry

NEW YORK, Dec. 18, 2013 /PRNewswire/ -- As do-it-yourself website creator Wix files for IPO at a company valuation of $700M, does this development mark the future of the website design industry? Would website creation be led by non-professional amateurs and hobbyists using DIY solutions? What role would professional designers play in this evolving market? (Photo: http://photos.prnewswire.com/prnh/20131218/NY35645) With tools like Wix (Homestead, Squarespace and Weebly), the market has seen a rise of low-cost, DIY solutions, offering B2C platforms for small business owners. Designed to provide a "fast, fun and easy" process, these DIY websites allow amateur users to choose from a limited selection of pre-designed templates to create basic websites. Yet, just 3% of websites are created using do-it-yourself platforms. Amateur users find it hard to finish the process on the... (more)

SOA World - Exclusive Q&A with Dr Adam Kolawa, Co-founder & CEO of Parasoft

“Developers need to realize that Automated Defect Prevention benefits them," says Parasoft co-founder & CEO Dr Adam Kolawa in this Exclusive Q&A with SYS-CON Media's Java Developer's Journal. "But they won’t start recognizing this until they see that they have less work," Kolawa continues. The key to success, he adds, is to have an infrastructure handle as much work as possible. "This way, developers have time to focus on the creative tasks they enjoy most...the ones that truly require human intelligence."

“Developers need to realize that [ADP] benefits them. But they won’t start recognizing this until they see that they have less work.” -- Dr Adam Kolawa, Co-Founder & CEO of Parasoft

Dr Adam Kolawa is the coauthor of the recently published Automated Defect Prevention: Best Practices in Software Management (Wiley... (more)

Java Application Security in the Corporate World

The vast majority of corporate developers truly believe that application security is not their concern, assuming that network and engineering groups will build their environment in a secure way. But what about application security? Are you ready for the code audit?

Application Security Isn't Getting the Attention It Deserves

When most people in the corporate world talk about "security," they mean the security of the network, operating system, and servers. Organizations that want to protect their systems against hacker attacks invest a lot of time, effort, and money ensuring that these three components are secure. Without this secure foundation, systems cannot operate securely. However, even if the network, server, and operating system are 100% secure, vulnerabilities in the application itself make a system just as prone to dangerous attacks as unprotected networks, op... (more)

JDJ Product Review — Parasoft Jtest 8.0

In terms of unit testing and code compliance, Jtest is a real heavyweight in the arena. For those who haven't come across Jtest before, it's an application that will analyze your Java application code for you. At present Jtest has 700 built-in rules and 100 security rules and it will autocorrect 250 of those rules for you. It provides Parasoft SOAtest hooks for testing of SOA/Web services and Web apps. The reporting engine is also built-in so once tests are run, you can view and print results via a Web browser. There are some new features such as improved J2EE testing and the Bug Detective, which I will cover later in this review. The front end is built on the Eclipse framework so it will be familiar to some of you. Test projects are created the same way you would create a project in Eclipse. The wizards are easy to use and I got up and running in a short time. You... (more)

JavaOne 2008: Uncommon Java Bugs

Any large Java source base can have insidious and subtle bugs. Every experienced Java programmer knows that finding and fixing these bugs can be difficult and costly. Fortunately, there are a large number of free open source Java tools available that can be used to find and fix defects early in the development life cycle. In this article, we’ll look at a few examples of specific uncommon[1] or unusual defects that can happen in code and see how different Java static analysis tools detect them.

Testing

As software gets more complex and ubiquitous, it becomes more difficult to ensure high-quality code. One common method of finding bugs is testing. But testing can’t cover all paths and possibilities or enforce good programming practices. Expert knowledge in the form of manual code review by peers is one of the best ways to ensure good code quality. Code revie... (more)

The Paradox of Writing Perfect Code

Don't you love looking at a good piece of code? I'm talking about the kind of code where the design is so sound that the code practically wrote itself, where there were no nasty surprises at implementation, where it was 100% feature complete and bug-free, and you didn't have to patch it up a bunch of times. Maybe I'm squarely in the land of Santa Claus and the Easter Bunny, but I believe, deep down, all developers want to write that perfect piece of code. Unfortunately, real life has other ideas. Deadlines, unclear or conflicting requirements, ridiculous scope, being human - all these things keep us from the promised land of perfect code. But here's the rub: though it may be satisfying to dream about, it's likely that you'll never produce truly perfect code for real-world applications. You'll sit down to write a piece of code, you'll do the best you can, taking int... (more)

Bulletproof .NET Code

.NET languages are becoming increasingly popular for driving the application logic for business-critical SOA and Web applications. In these contexts, functional errors are simply not acceptable, and reliability, security, and performance problems can have serious repercussions. Yet, few development teams have the resources to ensure that their code is free of implementation errors, let alone also worry about reliability, security, and performance. Whether or not your team has a satisfactory strategy for functional testing, you're taking several significant risks if you haven't yet implemented a comprehensive team-wide quality-management strategy:

New code might cause the application to become unstable, produce unexpected results, or even crash when the application is used in a way that you didn't anticipate (and didn't test for).

New code might open the only door tha... (more)

Product Review: Parasoft WebKing

Quality-conscious developers are familiar with the idea of coding checklists. The code you write must measure up to all the criteria on the checklist, from "no grammatical errors in the comments" to "performs all required functions." Based on these checklists, we have code reviews. A good code review takes time, but is certainly worth the effort. Such reviews can prevent many costly errors. However, when crunch time hits, thorough code reviews are often impossible. That's where a tool like Parasoft's WebKing can help. For several decades tools to automatically generate and run tests have been available. As I wrote in Program Smarter, Not Harder, automated testing tools can provide the most bang for the buck in software development process improvement. After years of fighting software wars, developers have figured out that catching errors using static analysis relativ... (more)

How Good Is Good Enough?

Intellectually everyone understands that improving code quality is a good thing. After all, we know bad quality when we see it. (Anyone old enough can cast his or her mind back to the late '80s and Microsoft Word for Windows 1.0.) But we also know that there comes a point where there's a diminishing return on our investment in code quality. How much work would you put into tracking down a bug that's only ever been reported once by a user running on OS/2 Warp? The problem with code quality initiatives is that we really don't know how much effort to put into them. We have never truly answered the question: how much quality is enough?

Why Code Quality Is Important

The Standish Group famously reports on the software industry's inability to deliver successful projects on a regular basis. In 2004, it reported that just 29% of software projects were considered a "success."... (more)